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(54) Printed document authentication 

(57) A method for authenticating a printed docu- 
ment is described. A document producer sends infor- 
mation to be included in a document to an 
authentication authority. The authentication authority 
cryptographically generates an authentication code 
from this information, and sends the authentication 
code back to the document producer. The document 
producer then prints the document, including both the 
information and the authentication code, and a bar code 
representing the authentication code. A document 
checker scans in the bar code, and ^ cryptographically 
checks the authentication code against the information 
in the document. 
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Description 

Background to the Invention 

[0001 ] This invention relates to a method and appa- s 
ratus for authenticating printed documents. 
[0002] It is frequently required to provide some way 
of checking the authenticity of printed documents, to 
confirm that the document has been issued from a par- 
ticular source, and that the information in it has not been io 
tampered with. In particular, such authentication may be 
required for certificates of various kinds. 
[0003] As an example, in the UK it is a requirement 
that any road vehicle over three years old should have a 
test certificate, referred to as an MOT certificate. These is 
certificates are issued by licensed vehicle testing sta- 
tions, following an inspection of the vehicle to check its 
roadworthiness and compliance with legal require- 
ments. The certificate must be presented at a post 
office when the owner of the vehicle re-licenses it. 20 
Clearly, the post office should check that the certificate 
is not a forgery, and that the information in it has not 
been altered. At present, the post office clerk does this 
simply by making a visual check. 

[0004] The object of the invention is to provide an 25 
improved method for authenticating printed documents. 

Summary of t he Invention 

[0005] According to the invention a method for 30 . 
authenticating a printed document comprises the follow- 
ing steps: 

a) a document producer sends information to be 
included in a document to an authentication author- 35 

ity; 

b) the authentication authority cryptographically 
generates an authentication code from this informa- 
tion, and sends the authentication code back to the 
document producer; 4c 

c) the document producer prints the document, 
including both the information and the authentica- 
tion code; and 

d) a document checker cryptographically checks 
the authentication code against the information in 45 
the document. 

[0006] In the MOT certificate example described 
above, the document producer would be the vehicle 
testing station, the authentication authority may be a so 
central agency run by (or with powers delegated by) the 
government Vehicle Inspectorate (VI), and the docu- 
ment checker may be the post office at which the MOT 
is presented. 

[0007] The authentication code may be generated 55 
and checked using a cryptographic key associated with 
the authentication authority. A secret key, known to both 
the authentication authority and the document checker, 



may be used. Alternatively, a public/private key pair may 
be used where the authentication code is generated 
using the authentication authority's private key and 
checked using its public key. 

[0008] One document authentication method in 
accordance with the invention will now be described by 
way of example with reference to the accompanying 
drawings. 

Brief Description of the Drawings 
[0009] 

Figure -1 is a schematic diagram of a system for 
issuing and authenticating certif icates. 

Figure 2 is a flow chart showing the operation of a 
software component for issuing certificates. 

Figure 3 is a schematic diagram showing a certifi- 
cate produced by the system. 

Description of an Embodiment of the Invention 

[0G10] Referring to Figure 1, the system involves 
the following entities: 

■ VI Data Centre 1 01 This is a centra! agency, run by 

the Vehicle Inspectorate (VI). 
ib Vehicle testing stations (VTS) 102. These are 
authorised by the VI to test vehicles and to issue 
MOT certificates. Each vehicle testing station may 
employ one or more authorised vehicle testers to 
carry out the tests. 
m Post Offices 103. 

[001 1 ] The VI Data Centre includes a central server 
. computer 104, and a database 105. The database holds 
details of all licensed vehicles, vehicle testing stations, 
and authorised vehicle testers. The VI Data Centre has 
a secret key, referred to herein as the VI secret key, 
which in this example is known to both the VI data cen- 
tre and the post offices. 

[0012] Each of the vehicle testing stations 102 has 
a computer terminal 106, which can communicate with 
the central server 104 by way of a network 107. The ter- 
minal is connected to a printer 108, which is used for 
printing the MOT test certificates 109. The printer 108 
incorporates a barcode scanner, so that it can read bar- 
codes on blank certificates inserted into the printer. 
[0013] Each of the terminals 106 includes commu- 
nications software, which manages communications 
between terminal and the central server. All communi- 
cations between terminal and the central server are 
encrypted, to ensure that messages cannot be inter- 
cepted. In addition, security technology is used to verify 
the authenticity of both ends of the link, to prevent a 
rogue device from linking into the network and pretend- 
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ing to be a terminal. 

[0014] In operation, a vehicle tester can enter infor- 
mation relating to a particular vehicle test into the termi- 
nal. The terminal includes a function which allows the 
vehicle tester to confirm the results of a test and, if the 
results are confirmed, to print a test certificate or failure 
notice as appropriate. Figure 2 shows this function in 
more detail. 

[0015] (Step 201) The function first displays the test 
information, with the overall result (pass or fail) summa- 
rised. 

[001 6] (Step 202) The function then asks the tester 
to confirm whether or not the test results are correct. If 
they are not correct, the function exits, and the tester 
may then go back to change the testrnfbrmation. 
[0017] (Step 203) If the tester confirms that the 
results are correct, the function therirbranches accord- 
ing to the test result. : u"-.* "a - 
[0018] (Step 204) If the test result was "pass", the 
function prompts the user ;to specify whether the test 
certificate is to be printed locally, at the test station, '.or 
mailed directly from the VI Data Centre to the registered 
keeper of the vehicle. •„ ' r v : 
[0019] (Step 205) If the test certificate is to be 
printed locally, the function promptsvthe user to feed a 
blank pass certificate into the printer 108. Each blank 
pass certificate has a unique pre-printed serial number, 
and a barcode containing the serial number, as well as 
other security features such as a watermark. The VI 
keeps a record of the serial numbers of the certificates 
issued to each testing station, so that each certificate 
can be traced back to a particular testing station, v 
[0020] (Steps 206-207) When the ^certificate is in 
the printer, the function instructs the barcode scanner 
incorporated in the printer to scan in the certificate 
serial number. The terminal then transmits a message 
to the central server. The message contains details of 
the tester and the test station, the ccertificate serial 
number, the vehicle details, and the test results. 
[0021] When the central server 104. receives this 
message, it performs a final check to: confirm that the 
tester and the vehicle test station are duly authorised to 
perform the test. 

[0022] Assuming this check is satisfactory,: the cen- 
tral server proceeds as follows. First; it generates a 
message authentication code (MAC) from a predeter- 
mined sub-set of information in the message. In this 
example, the MAC is generated by performing a key- 
dependent one-way hash of the information, using the 
VI secret key. The central server transmits this MAC 
back to the terminal. 

[0023] (Step 208) When the terminal receives the 
MAC, it prints the certificate. The contents of the certifi- 
cate are described below. 

[0024] (Step 209) If on the other hand the test cer- 
tificate is to be mailed directly to the registered keeper 
of the vehicle, the function transmits the test information 
to the central server, with a request for a mailed certifi- 



cate. The central server performs checks as described 
above, and if these checks are satisfactory, prints the 
certificate. 

[0025] (Steps 210-21 2) If the test result was "fail- 
5 ure", the function prompts the user to feed a blank fail- 
ure notice into the printer. The function then transmits 
the test information to the central server, and prints the 
failure notice. 

[0026] Figure 3 shows the format of the certificate. 
10 It includes the following: 

■ Pre-printed certificate serial number 301, and pre- 
printed barcode (not shown) containing this serial 
number. 

is m Test date 302 

■ Expiry date of certificate 303. 

■ Vehicle details 304. 

* ■ MAC 305, as a string of characters. 

■ Bar code 306, representing the MAC in bar code 
20 ' form. - ' 

[0027] Referring again to Figure 1 , each of the Post 

v , : Offices 103 is provided with at least one terminal 112, 
having a bar code reader 1 13. It is assumed that the ter- 

25 "0 minal has knowledge of the VI secret key 

[0028] When a vehicle owner presents an MOT cer- 
tificate at the post office, the post office clerk uses the 
bar code reader 1 13 to scan the bar code 306 on the 
* certificate, so as read the MAC into the terminal. 

30. [0029] The clerk also types in the predetermined 
sub-set of information from the certificate (i.e. the same 
sub-set as used by the central server to generate the 
MAC). The terminal then uses this information, along 
with the VI secret key, to generate a MAC, and corn- 

35 pares this with the MAC read from the bar code. If they 
are not equal, the terminal generates a message to alert 
the. clerk. 

[0030] If for any reason the bar code reader will not 
read the bar code, the clerk may type the MAC into the 
40 , terminal, from the printed version of the VI signature. 

;[0031] In summary, it can be seen that the system 
1 described above allows a certificate to be authenticated 
quickly and easily. 

45 Some possible modifications 

[0032] It will be appreciated that many modifica- 
tions may be made to the system described above with- 
out departing from the scope of the present invention. 

so For example, instead of using a secret key to form the 
MAC and to check it, a public/private key pair may be 
used. In this case, the authentication code is generated 
using the authentication authority's private key and 
checked using its public key. 

55 [0033] Instead of requiring the clerk to type informa- 
tion from the certificate into the terminal, the information 
could be scanned in. 

[0034] Instead of requiring the clerk to scan or key 
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in the MAC from the certificate, the terminal may display 
the MAC it has generated, so that the clerk can visually 
compare this with the MAC printed on the certificate. 
[0035] The vehicle test station could be arranged to 
authenticate the previous year's certificate, before gen- 
erating a new one. 

[0036] It should be noted that the invention is not 
restricted to issuing of MOT certificates as described 
above, but can be used in any application where it is 
required to authenticate a printed document. 

Claims 

1. A method for authenticating a printed document 
comprising the following steps: 

a) a document producer (102) sends informa- 
tion to be included in a document (109) to an 
authentication authority (101); 

b) the authentication authority (101) crypto- 
graphicaliy generates an authentication code 
from this information, and sends the authenti- 
cation code back to the document producer 
(102); 

c) the document producer (102) prints the doc- 
ument (109). including both the information and 
the authentication code; and 

d) a document checker (103) cryptographically 
checks the authentication code against the 
information in the document. 

2. A method according to Claim 1 wherein the docu- 
ment producer includes a bar code (306) in the doc- 
ument, said bar code containing the authentication 
code, and wherein the document authenticator is 
provided with means (113) for reading the bar code 
to obtain the authentication code. 

3. A method according to Claim 1 or 2 wherein the 
document includes a pre-printed serial number 
(301), which is sent to said authentication authority, 
and wherein said authentication authority uses said 
pre-printed serial number in generating said 
authentication code. 

4. A method according to Claim 3 wherein said pre- 
printed serial number is included in said document 
as a pre-printed bar code. 

5. A method according to Claim 4 wherein the docu- 
ment producer uses a combined printer and bar- 
code scanner (108) to read said pre-printed bar 
code and then to print said document. 

6. A method according to any preceding claim 
wherein said document checker performs the fol- 
lowing steps: 



a) entering said authentication code into a 
computer; 

b) entering information in the document into the 
computer; 

5 c) causing the computer to cryptographically 

generate a check code from said information; 
and 

d) causing the computer to compare said check 
code with said authentication code and to gen- 
re erate a warning indication if said check code 
does not correspond with said authentication 
code. 

7. A method according to any preceding claim 
15 wherein said authentication authority cryptographi- 
cally generates said authentication code using a 
cryptographic key associated with said authentica- 
tion authority. 

20 8. A method according to Claim 7 wherein said crypto- 
graphic key is a secret key known to both the 
authentication authority. 

9. A method according to Claim 8 wherein said 
25 authentication code is generated by performing a 

key-dependent one-way hash of said information, 
using said secret key. 

10. A method according to Claim 7 wherein said 
30 authentication authority generates said authentica- 
tion code using the private key of a publitfprivate 
key pair, and wherein the document checker checks 
the authentication code using the public key of said 
public/private key pair. 

35 

11. A method according to any preceding claim 
wherein communication between said document 
producer and said authentication authority is pro- 
tected by encryption. 

40 

12. A method according to any preceding claim 
wherein the document producer can specify an 
option of having the certificate printed by said 
authentication authority instead of printing the cer- 

45 trficate locally. 

13. Apparatus for authenticating a printed document, 
comprising: 

so a) a plurality of document producer stations 

(102); 

b) at least one authentication service (101); 
and 

c) a plurality of document checker stations 
55 (103); 

d) wherein each document producer station 
includes means (106) for inputting information 
to be included in a document (1 09), and means 
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for sending said information to said authentica- 
tion service; 

e) wherein the authentication service includes 
means (104) for cryptographically generating 
an authentication code from this information, 5 
and means for sending the authentication code 
back to the document producer station; 

f) wherein each document producer station 
includes means (108) for printing the document 
(109), including both the information and the 10 
authentication code; 

g) and wherein each document checker station 
includes means (112) for cryptographically 
checking the authentication code against the 
information inithedocumentu^i . 75 

14. Apparatus according to Claim* 1& wherein each of 
said document producer stations includes a com- 
bined printer and bar code scanner (108) for read- 
ing from said document, a preprinted bar code: 20 
containing a serial number. ■>■;-:. 

15. Apparatus according to Claim 13 or 14 wherein 
each of said document producer stations includes : 
means (108) for printing bar codes on documents; . ' 25 
and wherein each of said document checker sta-^ 
tions includes a bar code reader (1 13) for readings 
bar codes from documents. 

- 30 
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(54) Printed document authentication 

(57) A method for authenticating a printed document 
is described. A document producer sends information 
to be included in a document to an authentication au- 
thority. The authentication authority cryptograph ically 
generates an authentication code from this information, 
and sends the authentication code back to the docu- 



ment producer. The document producer then prints the 
document, including both the information and the au- 
thentication code, and a bar code representing the au- 
thentication code. A document checker scans in the bar 
code, and cryptograph ically checks the authentication 
code against the information in the document. 
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